An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the returnpath parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability in ActualAnalyzer Server <=8.23 allows remote attackers to include arbitrary files via a URL in the rf parameter to direct.php.
The file claroline/auth/extauth/drivers/ldap.inc.php uses the variable clarolineRepositorySys in an include() call without declaring it first. Other files in the same folder are also vulnerable, but this exploit only attacks ldap.inc.php. Another vulnerable file, claroline/auth/extauth/casProcess.inc.php, uses claro_CasLibPath in an include() call without declaring it either, so it is exposed to RFI as well.
The file dokeos/claroline/auth/ldap/authldap.php uses the variable includePath in an include() call without declaring it first. This issue has already been fixed in the current claroline.net version, but dokeos still uses a vulnerable version.
The file jetbox/includes/phpdig/includes/config.php uses the variable relative_script_path in an include() call without declaring it first. This issue has already been fixed in phpdig, but jetbox still uses a vulnerable version.
TotalCalendar <=2.30 is vulnerable to remote file inclusion. This allows an attacker to include a remote file, usually resulting in remote command execution.
The smart home solution is vulnerable to remote Cross-Site Scripting triggered via a Remote File Inclusion issue: the undocumented proxy API and its url GET parameter allow arbitrary client-side dynamic scripts (JavaScript, VBScript) to be included. This allows hijacking the current session of the user or changing the look of the page by altering the HTML.